>Allowing Specific Clients to Connect Only to One Chosen Access Point:   I'm with @UKDanJones .  The WiFi network is making live continuous measurements.  It knows more about the RF spectrum than you will do.  You will not be able to manually outperform the algorithm.   HOWEVER, if you really wanted to do this, it would be possible via RADIUS.  You would probably create a policy that only allowed a client to authenticate when it connected to a specific AP.  You would need to disable roaming on the WiFi system to prevent the network trying to offload the client if the AP got overloaded.  You would also need to find a WiFi driver that allowed you to force the client to connect to a specific AP, even if another one looked better.   >Blocking Unauthorized Clients:   Same deal.  You ideally want to be using something like WPA2-Enterprise mode, and then just create whatever RADIUS policies you want to say who can connect to what.   If the machines are all Windows and attached to Active Directory you could also create group policies to deny connection to specific SSIDs. ... View more